WordPress Scrollbar by webxapp plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Scrollbar by webxapp – Best vertical/horizontal scrollbars plugin versions = 1.3.0...

WordPress BP Member Type Manager plugin <= 1.01 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin BP Member Type Manager versions = 1.01...

PT-2024-33564 · Unknown · Brandon White Author Discussion

Name of the Vulnerable Software and Affected Versions: Brandon White Author Discussion versions 0.2.2 and earlier Description: The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, due to the improper neutralization of special elements used in an SQL command...

PT-2024-39924 · WordPress · Parallax Image

Name of the Vulnerable Software and Affected Versions: Parallax Image plugin for WordPress version 1.8 and earlier Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's dd-parallax shortcode, allowing authenticated...

WordPress Fonto – Custom Web Fonts Manager plugin <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Fonto versions = 1.2.1...

WordPress Akismet htaccess writer plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin Akismet htaccess writer versions = 1.0.1...

WordPress Da Reactions plugin <= 5.1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Yusuf Patchstack Alliance in WordPress Plugin Da Reactions versions = 5.1.5...

WordPress RS-Members plugin <= 1.0.3 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin RS-Members versions = 1.0.3...

WordPress Hunk Companion plugin <= 1.8.4 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation vulnerability

Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation vulnerability discovered by Sean Murphy in WordPress Plugin Hunk Companion versions = 1.8.4...

WordPress Survey Maker plugin <= 4.9.7 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Survey Maker versions = 4.9.5...

WordPress Themify Builder plugin <= 7.6.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Themify Builder versions = 7.6.2...

WordPress plugin Starter Templates 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin WP Timeline 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

WordPress Ultimate Member plugin <= 2.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Jack Taylor in WordPress Plugin Ultimate Member versions = 2.8.6...

WordPress plugin Aggregator Advanced Settings 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress AVIF & SVG Uploader plugin <= 1.1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin AVIF & SVG Uploader versions = 1.1.0...

WordPress plugin Unseen Blog 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

PT-2024-38646 · WordPress · 123.Chat

Name of the Vulnerable Software and Affected Versions: 123.chat - Video Chat plugin for WordPress versions up to, and including, 1.3.1 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers...

WordPress Multi Step for Contact Form plugin <= 2.7.7 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Hakiduck in WordPress Plugin Multi Step for Contact Form versions = 2.7.7...

PT-2024-11712 · WordPress · Wordpress Visitors

Name of the Vulnerable Software and Affected Versions: WordPress Visitors plugin for WordPress version 1.0 Description: The WordPress Visitors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a spoofed HTTP Header value due to insufficient input sanitization and output...